When using FORM login verification, using j_security_check, j_username, and j_password; How is the user\password\groups authenticated? I don't see individual user id's in the web.xml. The system is in WebLogic.
User credentials are not stored in web.xml. User credentials are usually stored in some other resource like a database or LDAP directory. In the application I have handy (WLS 8.1), this is configured in the server's config.xml file, but I'm sure there's other ways.
